Crypto trading platform Hashflow has assured affected users will be “made whole” following an exploit that saw at least $600,000 in digital assets removed from the platform.
On June 14, blockchain security firm Peckshield reported an ongoing issue with the Hashflow trading platform.
“It appears there is an approve-related issue,” the firm noted, reporting losses of around $600,000 in Arbitrum (ARB) and Ethereum (ETH).
A couple of hours later, Hashflow alerted users that they were addressing the current situation related to contract approvals as flagged by Peckshield, adding:
The firm, which provides cross-chain swaps as part of its trading services, added that its decentralized exchange “was in no way impacted and remains fully operational.”
We’re addressing the current situation flagged by @peckshield. Please be assured that:1. All users comprising the ~$600K affected will be made whole.2. The Hashflow DEX was in no way impacted and remains fully operational.We will share a detailed post mortem once complete.
Peckshield suggested that the hacker that carried out the exploit may be a white hat hacker, as they provided a contract with a recovery function along with a second option for a donation.
Hashflow updated its status on June 15 providing recovery instructions for those affected by the exploit which impacted Ethereum, Arbitrum, Avalanche, BNB Chain, and Polygon.
Users were told they must “revoke approvals before recovering funds.”
There are two options for fund recovery, the first is for total funds and the second will donate 10% to the supposed white hat hacker that exploited the vulnerability but prevented further losses in doing so.
DeFi enthusiast ‘YannickCrypto’ detailed the process noting that the white hat had
Read more on cointelegraph.com